MCP let us give AI agents hands. It also gave attackers a new, under-audited surface: the tool descriptions and schemas an agent reads before it acts. We trace each of the six weaknesses down to the offending bytes, then look at the gap between spotting them and proving to an auditor that you did.